[Dovecot] dovecot: disable ssl compression

Pavel Stano stano at websupport.sk
Thu Apr 10 16:20:31 UTC 2014


Sorry, I replied to the wrong thread.

On Thu, 10 Apr 2014 18:08:05 +0200 Pavel Stano <stano at websupport.sk>
wrote:

> Hi,
> 
> yes, it's the same problem.
> I can confirm that it is caused by the last line in the base64
> attachment, which is longer than 72 chars in the original message.
> 
> On Thu, 10 Apr 2014 16:41:38 +0200 Reindl Harald
> <h.reindl at thelounge.net> wrote:
> 
> > 
> > 
> > On 10.04.2014 15:04, Andreas Schulze wrote:
> > > Our "it-security" department asked me about Qualys warnings like
> > >    -> SSL/TLS Compression Algorithm Information Leakage Vulnerability
> > > 
> > > As far as I learned it's compression inside ssl.
> > > postfix-2.11 knows 'tls_ssl_options = no_compression'
> > > ( see http://www.postfix.org/postconf.5.html#tls_ssl_options )
> > > 
> > > Is there something comparable in dovecot too?
> > > 
> > > Looks like most extensions in ssl exist only to be disabled :-/
> > 
> > those attacks are not relevant for email because they
> > rely on the way a web browser works, which is not the
> > case for a mail client - you can't trigger XSS and
> > Ajax in a MUA
> > 
> > https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
> > 
> > >> This year, it's CRIME, a practical attack against how TLS is
> > >> used in browsers. In a wider sense, the same attack conceptually
> > >> applies to any encrypted protocol where the attacker controls
> > >> what is being communicated
> > 
> 
> 
> 



-- 
[ Rate the quality of this email: http://nicereply.com/websupport/Stano/ ]

Pavel Stano | Troubleshooter

http://WebSupport.sk
*** TAKE AND ENJOY ***
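
A way to verify the Qualys finding discussed in the quoted thread, added here as an example and not part of any poster's message or of Dovecot itself: the function classifies the `Compression:` line that `openssl s_client` prints after a handshake. The host name `mail.example.org` and both sample outputs are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample outputs (not captured from a real server).
SAMPLE_NONE='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: NONE
Expansion: NONE'
SAMPLE_ZLIB='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression'

# Classify `openssl s_client` output read from stdin.
# Return codes: 0 = no TLS compression negotiated,
#               1 = compression negotiated,
#               2 = no "Compression:" line found (handshake failed
#                   or output truncated), so nothing can be concluded.
check_tls_compression() {
    # Take the value of the first "Compression:" line in the input.
    comp=$(sed -n 's/^[[:space:]]*Compression:[[:space:]]*//p' | head -n 1)
    if [ -z "$comp" ]; then
        echo "UNKNOWN: no Compression line in input"
        return 2
    fi
    case "$comp" in
        NONE*) echo "OK: TLS compression not negotiated"; return 0 ;;
        *)     echo "WARN: TLS compression negotiated ($comp)"; return 1 ;;
    esac
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_NONE" | check_tls_compression || true
printf '%s\n' "$SAMPLE_ZLIB" | check_tls_compression || true

# Live use against your own server (placeholder host name):
#   openssl s_client -connect mail.example.org:993 </dev/null 2>/dev/null \
#       | check_tls_compression
#   openssl s_client -connect mail.example.org:143 -starttls imap \
#       </dev/null 2>/dev/null | check_tls_compression
```

A result of `UNKNOWN` means the handshake did not complete, so it should be treated as a failed check rather than as a pass.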
